
How to set up Enforced TLS Encryption on SBS 2011 when using a Mail Filter service

Assist-Netopa
Last Modified: 2015-02-28
Our customer has a standard out of the box Small Business Server 2011 and uses Fusemail e-mail filtering services, between the mail server that is SBS 2011 and the recipients (the Internet). Fusemail will scan and filter e-mail both inbound and outbound.
In the Fusemail configuration there is a PUBLIC LEG and a PRIVATE LEG to configure TLS Encryption for e-mail if required. So we have enabled the PUBLIC LEG and set up a destination DOMAIN so that e-mails between our customer and this 3rd party would always be TLS Encrypted - Enforced. In actual fact the PUBLIC LEG only enforces TLS encryption between FUSEMAIL (for the customer) and the 3rd party e-mail DOMAIN.
The PRIVATE LEG will only TLS Encrypt e-mail between FUSEMAIL and the customer mail server, thus completing the journey between the customer and this 3rd party. That should all work, however while the PUBLIC LEG is testing as being O.K., the PRIVATE LEG is NOT!
Every time we enable the PRIVATE LEG on the FUSEMAIL configuration, the inbound mail does not get delivered and just queues up at Fusemail. When we disable it again, the inbound mail flows as normal, but not encrypted. Fusemail report that our SBS 2011 is not sending out the STARTTLS command, however we think it is.

In SBS 2011 we have Exchange 2010, and we have ticked the box in the EMC for Enable Domain Security (Mutual Auth TLS) - see attached. We also have a secure certificate for the customer domain and it is enabled for SMTP.

When we do our test :- telnet mail.domainname.com 25 followed by ehlo we do see a 250 STARTTLS in the listing.

Can someone advise what we might be doing wrong here?

Thanks,

Netopa Team
TLS.JPG
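The telnet/EHLO check described in the question, as an added example that is not part of the original post: it parses a multi-line EHLO reply and reports whether STARTTLS is advertised, absent, or replaced by an X-filled keyword. The host names, addresses and both transcripts are constructed, and the X-filled pattern is an assumption about SMTP-inspecting devices on the path, not something the question states.

```python
import re

# Constructed sample replies (not captured from the poster's server).
DIRECT = (
    "250-mail.example.test Hello [192.0.2.10]\r\n"
    "250-SIZE 10485760\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH NTLM\r\n"
    "250 CHUNKING\r\n"
)
FILTERED = (
    "250-mail.example.test Hello [198.51.100.7]\r\n"
    "250-SIZE 10485760\r\n"
    "250-XXXXXXXA\r\n"
    "250 XXXXXXXB\r\n"
)
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply):
    """Return (reply code, extension keywords) from a multi-line EHLO reply."""
    lines = reply.splitlines()
    if not lines:
        raise ValueError("empty reply")
    code, keywords = None, []
    for i, line in enumerate(lines):
        m = REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        code = code or m.group(1)
        if m.group(1) != code:
            raise ValueError("reply code changed mid-reply")
        # "250-" marks a continuation line, "250 " the final line.
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker inconsistent")
        if i > 0 and m.group(3):  # line 0 is the greeting, not an extension
            keywords.append(m.group(3).split()[0].upper())
    return int(code), keywords

def starttls_status(reply):
    """Classify the reply: advertised, masked, absent or ehlo-rejected."""
    code, keywords = parse_ehlo(reply)
    if code != 250:
        return "ehlo-rejected"
    if "STARTTLS" in keywords:
        return "advertised"
    # Assumption: a keyword rewritten to a run of X's was masked in transit.
    if any(re.fullmatch(r"X{4,}[A-Z]?", k) for k in keywords):
        return "masked"
    return "absent"
```

Feed it the reply as seen from the filtering service's side of the connection as well as from a local telnet session, since the two paths can return different extension lists.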